#cisa-kev
5 articles
Government and technology sectors in North America and the EU were the primary targets in recent CISA-KEV activity, with five articles published between April and May 2026. The coverage highlighted vulnerabilities including CVE-2024-57728 (CVSS 7.2), CVE-2026-9082 (CVSS 6.5), CVE-2009-0238, and CVE-2025-2749, affecting federal government, enterprise, and financial services. The severity mix comprised two medium, two high, and one critical issue, underscoring a focused threat landscape for these regions.
[MEDIUM] CVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV
CISA added CVE-2026-9082 (CVSS 6.5) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against all supported Drupal Core versions.
[HIGH] CVE-2024-57728: SimpleHelp Path Traversal Lets Admins Upload
CISA adds CVE-2024-57728 to Known Exploited Vulnerabilities: SimpleHelp path traversal via zip slip allows admin users to upload arbitrary files and execute code. Due May 8, 2026.
[HIGH] CVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit
CISA adds CVE-2025-2749 to KEV catalog: Kentico Xperience path traversal lets authenticated Staging Sync Server upload arbitrary files. Due date for federal agencies: May 4, 2026.
[MEDIUM] NIST NVD Enrichment Change Creates CVSS Gap for 80% of CVEs
NIST now enriches only 15-20% of CVEs under new policy as of April 2026, leaving 80% without CVSS scores or product mappings.
[CRITICAL] Microsoft Office Excel Flaw Exploited in Active Attacks
CISA orders federal agencies to patch CVE-2009-0238, a 17-year-old Microsoft Office Excel remote code execution flaw, by April 28, 2026, due to active exploitation.